A multi-point collaborative DDoS defense mechanism for IIoT environment

Nowadays, a large number of intelligent devices involved in the Industrial Internet of Things (IIoT) environment are posing unprecedented cybersecurity challenges. Due to the limited budget for security protection, the IIoT devices are vulnerable and easily compromised to launch Distributed Denial-of-Service (DDoS) attacks, resulting in disastrous results. Unfortunately, considering the particularity of the IIoT environment, most of the defense solutions in traditional networks cannot be directly applied to IIoT with acceptable security performance. Therefore, in this work, we propose a multi-point collaborative defense mechanism against DDoS attacks for IIoT. Specifically, for the single point DDoS defense, we design an edge-centric mechanism termed EdgeDefense for the detection, identification, classification, and mitigation of DDoS attacks and the generation of defense information. For the practical multi-point scenario, we propose a collaborative defense model against DDoS attacks to securely share the defense information across the network through the blockchain. Besides, a fast defense information sharing mechanism is designed to reduce the delay of defense information sharing and provide a responsive cybersecurity guarantee. The simulation results indicate that the identification and classification performance of the two machine learning models designed for EdgeDefense are better than those of the state-of-the-art baseline models, and therefore EdgeDefense can defend against DDoS attacks effectively. The results also verify that the proposed fast sharing mechanism can reduce the propagation delay of the defense information blocks effectively, thereby improving the responsiveness of the multi-point collaborative DDoS defense.

Automated summary

Nowadays, intelligent devices in the Industrial Internet of Things (IIoT) face unprecedented cybersecurity challenges. Due to limited security budget, IIoT devices are vulnerable to Distributed Denial-of-Service (DDoS) attacks, leading to disastrous consequences. Traditional defense solutions for networks cannot be directly applied to IIoT, requiring a multi-point collaborative defense mechanism. This mechanism includes an edge-centric mechanism called EdgeDefense for detecting and mitigating DDoS attacks, as well as a blockchain-based collaborative defense model for securely sharing defense information across the network.